Different answer when querying @server from different clients
Arthur Ramsey
arthur_ramsey at mediture.com
Fri Mar 6 22:52:50 UTC 2015
I had to disable DNS ALG on Juniper SRX series firewall.
Thanks for the help,
Arthur
On 03/06/2015 04:51 PM, Jeff Sadowski wrote:
> I remember a network engineer that rewrote some DNS entries with a
> cisco router replacing w.x.y.z with a.b.c.d
>
> On Fri, Mar 6, 2015 at 3:46 PM, Arthur Ramsey
> <arthur_ramsey at mediture.com> wrote:
>> I don't think it is views. The same thing happens against Google's public
>> DNS. The two hosts route to the Internet differently and that seems to at
>> the root of the issue somehow.
>>
>> [root at dc01 ~]# dig +short ns1.mediture.com
>> 74.113.249.135
>> [root at dc01 ~]# dig +short ns2.mediture.com
>> 107.23.33.118
>>
>> [root at dc01 ~]# dig @8.8.8.8 +trace great.truchart.com
>>
>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> @8.8.8.8 +trace
>> great.truchart.com
>> ; (1 server found)
>> ;; global options: +cmd
>> . 18851 IN NS h.root-servers.net.
>> . 18851 IN NS c.root-servers.net.
>> . 18851 IN NS f.root-servers.net.
>> . 18851 IN NS k.root-servers.net.
>> . 18851 IN NS j.root-servers.net.
>> . 18851 IN NS m.root-servers.net.
>> . 18851 IN NS l.root-servers.net.
>> . 18851 IN NS a.root-servers.net.
>> . 18851 IN NS g.root-servers.net.
>> . 18851 IN NS e.root-servers.net.
>> . 18851 IN NS b.root-servers.net.
>> . 18851 IN NS i.root-servers.net.
>> . 18851 IN NS d.root-servers.net.
>> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 144 ms
>>
>> com. 172800 IN NS j.gtld-servers.net.
>> com. 172800 IN NS d.gtld-servers.net.
>> com. 172800 IN NS k.gtld-servers.net.
>> com. 172800 IN NS m.gtld-servers.net.
>> com. 172800 IN NS f.gtld-servers.net.
>> com. 172800 IN NS c.gtld-servers.net.
>> com. 172800 IN NS e.gtld-servers.net.
>> com. 172800 IN NS g.gtld-servers.net.
>> com. 172800 IN NS a.gtld-servers.net.
>> com. 172800 IN NS l.gtld-servers.net.
>> com. 172800 IN NS h.gtld-servers.net.
>> com. 172800 IN NS i.gtld-servers.net.
>> com. 172800 IN NS b.gtld-servers.net.
>> ;; Received 496 bytes from 192.228.79.201#53(192.228.79.201) in 146 ms
>>
>> truchart.com. 172800 IN NS ns1.mediture.com.
>> truchart.com. 172800 IN NS ns2.mediture.com.
>> ;; Received 113 bytes from 192.52.178.30#53(192.52.178.30) in 129 ms
>>
>> great.truchart.com. 3600 IN A 192.168.168.225
>> truchart.com. 86400 IN NS ns1.mediture.com.
>> truchart.com. 86400 IN NS ns2.mediture.com.
>> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
>>
>> [root at www02 ~]# dig @8.8.8.8 +trace great.truchart.com
>>
>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8 +trace
>> great.truchart.com
>> ; (1 server found)
>> ;; global options: +cmd
>> . 18813 IN NS h.root-servers.net.
>> . 18813 IN NS c.root-servers.net.
>> . 18813 IN NS f.root-servers.net.
>> . 18813 IN NS k.root-servers.net.
>> . 18813 IN NS j.root-servers.net.
>> . 18813 IN NS m.root-servers.net.
>> . 18813 IN NS l.root-servers.net.
>> . 18813 IN NS a.root-servers.net.
>> . 18813 IN NS g.root-servers.net.
>> . 18813 IN NS e.root-servers.net.
>> . 18813 IN NS b.root-servers.net.
>> . 18813 IN NS i.root-servers.net.
>> . 18813 IN NS d.root-servers.net.
>> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 94 ms
>>
>> com. 172800 IN NS f.gtld-servers.net.
>> com. 172800 IN NS b.gtld-servers.net.
>> com. 172800 IN NS c.gtld-servers.net.
>> com. 172800 IN NS l.gtld-servers.net.
>> com. 172800 IN NS m.gtld-servers.net.
>> com. 172800 IN NS k.gtld-servers.net.
>> com. 172800 IN NS e.gtld-servers.net.
>> com. 172800 IN NS j.gtld-servers.net.
>> com. 172800 IN NS d.gtld-servers.net.
>> com. 172800 IN NS g.gtld-servers.net.
>> com. 172800 IN NS a.gtld-servers.net.
>> com. 172800 IN NS i.gtld-servers.net.
>> com. 172800 IN NS h.gtld-servers.net.
>> ;; Received 508 bytes from 192.58.128.30#53(192.58.128.30) in 220 ms
>>
>> truchart.com. 172800 IN NS ns1.mediture.com.
>> truchart.com. 172800 IN NS ns2.mediture.com.
>> ;; Received 113 bytes from 192.48.79.30#53(192.48.79.30) in 224 ms
>>
>> great.truchart.com. 3600 IN A 198.181.115.225
>> truchart.com. 86400 IN NS ns2.mediture.com.
>> truchart.com. 86400 IN NS ns1.mediture.com.
>> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 32 ms
>>
>> [root at www02 ~]# dig +short ns1.mediture.com
>> 74.113.249.135
>> [root at www02 ~]# dig +short ns2.mediture.com
>> 107.23.33.118
>>
>> On 03/06/2015 03:54 PM, Lightner, Jeff wrote:
>>> Check where each host thinks the 2 mediture.com name servers are.
>>>
>>> I saw an issue recently where I was getting different answers inside my
>>> organization than I did outside and it turned out that one of the subsequent
>>> lookups in the trace was being answered differently so the final answer was
>>> different as a result. (In our case it was because we host the same domain
>>> separately on both external BIND servers and on internal Windows DNS
>>> servers.)
>>>
>>> It took me a while looking at it to realize what was happening because I
>>> thought trace always starts at root servers and go down the outside path
>>> from there but what it actually does it start at root servers then does
>>> lookups for each subsequent domain referenced which often enough will be
>>> different than the domain you were tracing.
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: bind-users-bounces at lists.isc.org
>>> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Arthur Ramsey
>>> Sent: Friday, March 06, 2015 4:44 PM
>>> To: bind-users at lists.isc.org
>>> Subject: Different answer when querying @server from different clients
>>>
>>> I can't figure out why these two hosts resolve great.truchart.com
>>> differently when querying the authoritative server.
>>>
>>> [root at dc01 ~]# dig +trace great.truchart.com @74.113.249.135
>>>
>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.1 <<>> +trace
>>> great.truchart.com @74.113.249.135 ;; global options: +cmd
>>> . 513596 IN NS i.root-servers.net.
>>> . 513596 IN NS j.root-servers.net.
>>> . 513596 IN NS f.root-servers.net.
>>> . 513596 IN NS e.root-servers.net.
>>> . 513596 IN NS m.root-servers.net.
>>> . 513596 IN NS l.root-servers.net.
>>> . 513596 IN NS c.root-servers.net.
>>> . 513596 IN NS a.root-servers.net.
>>> . 513596 IN NS g.root-servers.net.
>>> . 513596 IN NS h.root-servers.net.
>>> . 513596 IN NS b.root-servers.net.
>>> . 513596 IN NS d.root-servers.net.
>>> . 513596 IN NS k.root-servers.net.
>>> ;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 125 ms
>>>
>>> com. 172800 IN NS a.gtld-servers.net.
>>> com. 172800 IN NS b.gtld-servers.net.
>>> com. 172800 IN NS c.gtld-servers.net.
>>> com. 172800 IN NS d.gtld-servers.net.
>>> com. 172800 IN NS e.gtld-servers.net.
>>> com. 172800 IN NS f.gtld-servers.net.
>>> com. 172800 IN NS g.gtld-servers.net.
>>> com. 172800 IN NS h.gtld-servers.net.
>>> com. 172800 IN NS i.gtld-servers.net.
>>> com. 172800 IN NS j.gtld-servers.net.
>>> com. 172800 IN NS k.gtld-servers.net.
>>> com. 172800 IN NS l.gtld-servers.net.
>>> com. 172800 IN NS m.gtld-servers.net.
>>> ;; Received 496 bytes from 198.41.0.4#53(198.41.0.4) in 121 ms
>>>
>>> truchart.com. 172800 IN NS ns1.mediture.com.
>>> truchart.com. 172800 IN NS ns2.mediture.com.
>>> ;; Received 113 bytes from 192.33.14.30#53(192.33.14.30) in 111 ms
>>>
>>> great.truchart.com. 3600 IN A 192.168.168.225
>>> truchart.com. 86400 IN NS ns2.mediture.com.
>>> truchart.com. 86400 IN NS ns1.mediture.com.
>>> ;; Received 129 bytes from 74.113.249.135#53(74.113.249.135) in 3 ms
>>>
>>> [root at www02 ~]# dig +trace great.truchart.com @74.113.249.135
>>>
>>> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> +trace
>>> great.truchart.com @74.113.249.135 ;; global options: +cmd
>>> . 514584 IN NS d.root-servers.net.
>>> . 514584 IN NS h.root-servers.net.
>>> . 514584 IN NS l.root-servers.net.
>>> . 514584 IN NS g.root-servers.net.
>>> . 514584 IN NS j.root-servers.net.
>>> . 514584 IN NS m.root-servers.net.
>>> . 514584 IN NS b.root-servers.net.
>>> . 514584 IN NS k.root-servers.net.
>>> . 514584 IN NS a.root-servers.net.
>>> . 514584 IN NS c.root-servers.net.
>>> . 514584 IN NS e.root-servers.net.
>>> . 514584 IN NS f.root-servers.net.
>>> . 514584 IN NS i.root-servers.net.
>>> ;; Received 228 bytes from 74.113.249.135#53(74.113.249.135) in 183 ms
>>>
>>> com. 172800 IN NS b.gtld-servers.net.
>>> com. 172800 IN NS f.gtld-servers.net.
>>> com. 172800 IN NS d.gtld-servers.net.
>>> com. 172800 IN NS a.gtld-servers.net.
>>> com. 172800 IN NS g.gtld-servers.net.
>>> com. 172800 IN NS e.gtld-servers.net.
>>> com. 172800 IN NS c.gtld-servers.net.
>>> com. 172800 IN NS k.gtld-servers.net.
>>> com. 172800 IN NS h.gtld-servers.net.
>>> com. 172800 IN NS m.gtld-servers.net.
>>> com. 172800 IN NS i.gtld-servers.net.
>>> com. 172800 IN NS l.gtld-servers.net.
>>> com. 172800 IN NS j.gtld-servers.net.
>>> ;; Received 496 bytes from 202.12.27.33#53(202.12.27.33) in 267 ms
>>>
>>> truchart.com. 172800 IN NS ns1.mediture.com.
>>> truchart.com. 172800 IN NS ns2.mediture.com.
>>> ;; Received 113 bytes from 192.43.172.30#53(192.43.172.30) in 70 ms
>>>
>>> great.truchart.com. 3600 IN A 198.181.115.225
>>> truchart.com. 86400 IN NS ns2.mediture.com.
>>> truchart.com. 86400 IN NS ns1.mediture.com.
>>> ;; Received 129 bytes from 107.23.33.118#53(107.23.33.118) in 31 ms
>>>
>>> --
>>> Arthur Ramsey
>>> Systems Administrator
>>> Mediture
>>> arthur_ramsey at mediture.com
>>> 952.400.0323
>>>
>>> This e-mail and any attachments may contain CONFIDENTIAL information,
>>> including PROTECTED HEALTH INFORMATION. If you are not the intended
>>> recipient, any use or disclosure of this information is STRICTLY PROHIBITED;
>>> you are requested to delete this e-mail and any attachments, notify the
>>> sender immediately, and notify the Mediture Privacy Officer at
>>> privacyofficer at mediture.com.
>>>
>>>
>>>
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>> unsubscribe from this list
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>> --
>> Arthur Ramsey
>> Systems Administrator
>> Mediture
>> arthur_ramsey at mediture.com
>> 952.400.0323
>>
>> This e-mail and any attachments may contain CONFIDENTIAL information,
>> including PROTECTED HEALTH INFORMATION. If you are not the intended
>> recipient, any use or disclosure of this information is STRICTLY PROHIBITED;
>> you are requested to delete this e-mail and any attachments, notify the
>> sender immediately, and notify the Mediture Privacy Officer at
>> privacyofficer at mediture.com.
>>
>>
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
--
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323
This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
More information about the bind-users
mailing list